NatWest “Important Security Update” Phishing Scam

Outline:
Email claiming to be an important security update from UK-based bank NatWest urges you to click an “online verification” link to complete the update and keep your account “active and protected”.

Analysis:
The email is certainly not from NatWest. Instead, it is a phishing scam designed to trick you into giving personal and financial information to online criminals. Clicking the link takes you to a fraudulent website that has been built to closely emulate the real NatWest website.

The fake website first asks you to enter your NatWest login credentials. Next, it asks you to supply a large amount of your personal and financial information, ostensibly as a means of completing the – entirely fictional – security update.

All of the information you supply can be collected by criminals and later used to hijack your NatWest bank account, commit fraudulent credit card transactions in your name, and, possibly, steal your identity.

NatWest is continually targeted in such phishing scams. It is best to login to your online accounts by typing the address into your browser’s address bar or via a trusted app.

The NatWest website includes information about how to report any NatWest phishing scams that you receive.